Abstract

In our previous work [1], a divide-and-conquer approach was proposed for cooperative tasking
among multi-agent systems. The basic idea is to decompose a requested global specification into 
subtasks for individual agents such that the fulfillment of these subtasks by each individual agent 
leads to the satisfaction of the global specification as a team. It was shown that not all tasks can be 
decomposed. Furthermore, a necessary and sufficient condition was proposed for the decomposability 
of a task automaton between two cooperative agents. The current paper continues the results in [1]
and proposes necessary and sufficient conditions for task decomposability with respect to an arbitrary
finite number of agents. It is further shown that the fulfillment of local specifications can guarantee the 
satisfaction of the global specification. This work provides hints for the designers on how to rule out 
the indecomposable task automata and enforce the decomposability conditions. The result therefore may 
pave the way towards a new perspective for decentralized cooperative control of multi-agent systems. 



I. INTRODUCTION 

Multi-agent systems have emerged as a rapidly developing multi-disciplinary area with promising
applications in assembling and transportation, parallel computing, distributed planning and
scheduling, rapid emergency response and multi-robot systems jSl, BH, [|5l. The significance
of multi-agent systems is rooted in the power of parallelism and cooperation between simple components
that synergically lead to sophisticated capabilities, robustness and functionalities |l2l, jSJ.
The cooperative control of distributed multi-agent systems, however, is still in its infancy with 
significant practical and theoretical challenges that are difficult to be formulated and tackled by 
the traditional methods. Among these challenges, one essential issue is the top-down

cooperative control to achieve a desired global behavior through the design of local control laws 
and interaction rules flU. Top-down cooperative control is typically synthesized in two levels of 
abstraction: control level and planning (supervisory) layer ifTOl . 

Control level deals with the time-driven continuous dynamics of each agent, dynamic topology
and on-line interactions among the agents, in order for real-time tracking of exact trajectories, 
collision avoidance, formation stability and optimal performance lEl, ifTTj . For this purpose, 
several innovative approaches have been developed such as biomimicry of biological swarms 
and symbolic swarming [fT2|. |[8l, consensus seeking and formation stabilization [|T3l . navigation 
functions for distributed formation [fT4ll . artificial potential functions [flSl . graph Laplacians for 
the associated neighborhood graphs [[T3l . (Ml, [fTTl, graph-based formation stabilization and 
coordination lESl, [l2Ql, El, passivity-based control ES, ll23l, distributed predictive control 
ll24l . game theory -based coordinations [25] and potential games and mechanism design [26], 
ETl . These methods successfully model the interactions among the agents using the topology 
graph and apply Lyapunov-like energy functions and optimization methods for stabilization and
formation of the continuous states of the agents. 

In the planning level, on the other hand, one is concerned with the event-driven dynamics, discrete
modes and logical specifications such as visiting successive regions, orchestrating between 
local controllers and path planning for the control layer. One of the main challenges in the 
planning level is the cooperative tasking to allocate local tasks to each agent such that a desired 
logical specification is globally satisfied by the team. Confining to the planning level, this paper 
and its companion [1] aim at developing a top-down correct-by-design method for distributed
coordination and cooperative tasking of multi-agent systems such that the group of agents, as a 
team, can achieve the specified logical requirements, collectively. We assume here that the global 
specification is given as a finite deterministic automaton that is simpler to be characterized; covers 
a wide class of tasks in the context of supervisory control of discrete event systems [28], and can 
uniquely encode the sequence of events in a finite memory space using the notions of states and 



transition relations. Accordingly, the logical behavior of a multi-agent system can be modeled as 
a parallel distributed system [29] that, having the union of local event sets, allows the agents to
individually transit on their private events, while synchronizing on shared events for cooperative
tasks. Since in this set up, each agent will have access to its local set of sensor readings and 
actuator commands, the interpretation of each agent from the global task automaton can be 
obtained through natural projection of the global task into the corresponding local observable 
events [30]. The composition of these local tasks should be able to retrieve the global task in
order to perform the cooperative tasking. For this purpose, we are particularly interested in task 
automaton decomposability (also called synthesis modulo problem) to understand that under 
what conditions the collective perception of the team from the global specification (the parallel 
composition of local task automata) is equivalent to the original global task. Generally, three 
types of equivalence relations have been studied in the top-down cooperative control in order 
to compare the global task automaton with the collective one [29], [30], [31]: isomorphism,
language equivalence and bisimulation. Bisimulation-based decomposability is less restrictive 
than synthesis modulo isomorphism and more applicable in control applications, while it is 
more expressive than language separability [32]. Moreover, it preserves the nondeterminism that
might appear in the collective tasks, even for deterministic global task automata. 

Given a task automaton and the distribution of its events among the agents, we have shown 
in [1] that it is not always possible to decompose an automaton into sub-automata by natural
projections, where the parallel composition of these sub-automata is bisimilar to the original 
automaton, and subsequently necessary and sufficient conditions were identified for the decom- 
posability of deterministic task automaton with respect to two local event sets. For more than 
two agents, a sufficient condition was proposed in [1] by introducing a hierarchical approach to
iteratively use the decomposability for two agents. Therefore, the main part of this paper is set 
to provide new necessary and sufficient conditions for the decomposability of a task automaton 
with respect to an arbitrary finite number of agents. The extension is not straightforward and 
requires logical modifications on the conditions for the two-agent result. 

Please note that the main contribution of the current work is to gain insights on decomposability 
of a task automaton rather than checking the decomposability itself. The proposed decompos- 
ability conditions provide us with hints on how to rule out the indecomposable automata and 
how the configuration of local transitions and distribution of events among the agents should 



be in order for decomposability. It is shown that an automaton is decomposable if and only if
any decision on the order or selection between two transitions can be made by at least one of 
the agents, the interleaving of any pair of strings after synchronizing on a shared event does 
not introduce a new string that is not in the original automaton (the interleaving of local task 
automata does not allow an illegal global behavior), and each local task automaton bisimulates 
a deterministic automaton (to ensure that the collection of local tasks does not disallow a legal 
global behavior). These insights are important since they give us guidelines on how to set a 
global task to be fulfilled, cooperatively, by the team of agents. 

The rest of the paper is organized as follows. Preliminary notations, definitions and problem
formulation are presented in Section II. Section III introduces the necessary and sufficient
conditions for decomposability of an automaton with respect to parallel composition and an arbitrary
finite number of local event sets. Finally, the paper concludes with remarks and discussions in
Section IV. The proofs of lemmas are provided in the Appendix.

II. PROBLEM FORMULATION 
We first recall the definition of deterministic automaton [33].

Definition 1: (Automaton) A deterministic automaton is a tuple $A := (Q, q_0, E, \delta)$ consisting
of a set of states $Q$; an initial state $q_0 \in Q$; a set of events $E$ that causes transitions between
the states, and a transition relation $\delta \subseteq Q \times E \times Q$ (with a partial map $\delta : Q \times E \to Q$), such
that $(q, e, q') \in \delta$ if and only if state $q$ is transited to state $q'$ by event $e$, denoted by $q \xrightarrow{e} q'$ (or
$\delta(q, e) = q'$). In general the automaton also has an argument $Q_m \subseteq Q$ of marked (accepting or
final) states to assign a meaning of accomplishment to some states. For an automaton whose each
state represents an accomplishment of a stage of the specification, all states can be considered
as marked states and $Q_m$ is omitted from the tuple.

With an abuse of notation, the definitions of the transition relation can be extended from the
domain of $Q \times E$ into the domain of $Q \times E^*$ to define transitions over strings $s \in E^*$, where
$E^*$ stands for the Kleene closure of $E$ (the collection of all finite sequences of events over
elements of $E$).

Definition 2: (Transition on strings) For a deterministic automaton the existence of a transition
over a string $s \in E^*$ from a state $q \in Q$ is denoted by $\delta(q, s)!$ and inductively defined as
$\delta(q, \varepsilon) = q$, and $\delta(q, se) = \delta(\delta(q, s), e)$ for $s \in E^*$ and $e \in E$. The existence of a set $L \subseteq E^*$
of strings from a state $q \in Q$ is then denoted as $\delta(q, L)!$ and read as $\forall s \in L : \delta(q, s)!$.

The transition relation is a partial relation, and in general some of the states might not be 
accessible from the initial state. 

Definition 3: The operator $Ac(\cdot)$ [34] is then defined by excluding the states and their attached
transitions that are not reachable from the initial state as $Ac(A) = (Q_{ac}, q_0, E, \delta_{ac})$ with $Q_{ac} =
\{q \in Q \mid \exists s \in E^*, q \in \delta(q_0, s)\}$ and $\delta_{ac} = \{(q, e, q') \in \delta \mid e \in E, q, q' \in Q_{ac}\}$. Since $Ac(\cdot)$ has no
effect on the behavior of the automaton, from now on we take $A = Ac(A)$.

The qualitative behavior of a deterministic system is described by its language defined as 

Definition 4: (Language, language equivalent automata) For a given automaton $A$, the language
generated by $A$ is defined as $L(A) := \{s \in E^* \mid \delta(q_0, s)!\}$. Two automata $A_1$ and $A_2$ are
said to be language equivalent if $L(A_1) = L(A_2)$.

In cooperative tasking, each agent has a local observation from the global task: the perceived 
global task, filtered by its local event set, i.e., through a mapping over each agent's event set, as 
the interpretation of each agent from the global task. Particularly, natural projections $P_{E_i}(A_S)$
are obtained from $A_S$ by replacing its events that belong to $E \setminus E_i$ by $\varepsilon$-moves, and then, merging
the $\varepsilon$-related states. The $\varepsilon$-related states form equivalent classes defined as follows.

Definition 5: (Equivalent class of states, [30]) Consider an automaton $A_S = (Q, q_0, E, \delta)$ and
an event set $E' \subseteq E$. Then, the relation $\sim_{E'}$ is the minimal equivalence relation on the set $Q$
of states such that $q' \in \delta(q, e) \wedge e \notin E' \Rightarrow q \sim_{E'} q'$, and $[q]_{E'}$ denotes the equivalence class
of $q$ defined on $\sim_{E'}$. The set of equivalent classes of states over $\sim_{E'}$ is denoted by $Q/{\sim_{E'}}$, and
defined as $Q/{\sim_{E'}} = \{[q]_{E'} \mid q \in Q\}$.

$\sim_{E'}$ is an equivalence relation as it is reflexive ($q \sim_{E'} q$), symmetric ($q \sim_{E'} q' \Leftrightarrow q' \sim_{E'} q$)
and transitive ($q \sim_{E'} q' \wedge q' \sim_{E'} q'' \Rightarrow q \sim_{E'} q''$).

It should be noted that the relation $\sim_{E'}$ can be defined for any $E' \subseteq E$, for example, $\sim_{E_i}$ and
$\sim_{E_i \cup E_j}$ respectively denote the equivalence relations with respect to $E_i$ and $E_i \cup E_j$. Moreover,
when it is clear from the context, $\sim_i$ is used to denote $\sim_{E_i}$ for simplicity.

Next, natural projection over strings is denoted by $p_{E'} : E^* \to E'^*$, takes a string from the
event set $E$ and eliminates events in it that do not belong to the event set $E' \subseteq E$. The natural
projection is formally defined on the strings as

Definition 6: (Natural Projection on String, lIMl ) Consider a global event set $E$ and an event
set $E' \subseteq E$. Then, the natural projection $p_{E'} : E^* \to E'^*$ is inductively defined as $p_{E'}(\varepsilon) = \varepsilon$,
and $\forall s \in E^*, e \in E$:

$$p_{E'}(se) = \begin{cases} p_{E'}(s)e & \text{if } e \in E'; \\ p_{E'}(s) & \text{otherwise.} \end{cases}$$

The natural projection is then formally defined on an automaton as follows. 
Definition 7: (Natural Projection on Automaton) Consider a deterministic automaton $A_S =
(Q, q_0, E, \delta)$ and an event set $E' \subseteq E$. Then, $P_{E'}(A_S) = (Q_i = Q/{\sim_{E'}}, [q_0]_{E'}, E', \delta')$, with $[q']_{E'} \in
\delta'([q]_{E'}, e)$ if there exist states $q_1$ and $q_1'$ such that $q_1 \sim_{E'} q$, $q_1' \sim_{E'} q'$, and $\delta(q_1, e) = q_1'$. Again,
$P_{E'}(A_S)$ can be defined into any event set $E' \subseteq E$. For example, $P_{E_i}(A_S)$ and $P_{E_i \cup E_j}(A_S)$,
respectively denote the natural projections of $A_S$ into $E_i$ and $E_i \cup E_j$. When it is clear from the
context, $P_{E_i}$ is replaced with $P_i$, for simplicity.

The collective task is then obtained using the parallel composition of local task automata, as 
the perception of the team from the global task. 

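Definition 8: (Parallel Composition [33])
Let $A_i = (Q_i, q_i^0, E_i, \delta_i)$, $i = 1, 2$, be automata. The parallel composition (synchronous
composition) of $A_1$ and $A_2$ is the automaton $A_1 \| A_2 = (Q = Q_1 \times Q_2, q_0 = (q_1^0, q_2^0), E = E_1 \cup E_2, \delta)$,
with $\delta$ defined as $\forall (q_1, q_2) \in Q, e \in E$:

$$\delta((q_1, q_2), e) = \begin{cases}
(\delta_1(q_1, e), \delta_2(q_2, e)), & \text{if } \delta_1(q_1, e)!,\ \delta_2(q_2, e)!,\ e \in E_1 \cap E_2; \\
(\delta_1(q_1, e), q_2), & \text{if } \delta_1(q_1, e)!,\ e \in E_1 \setminus E_2; \\
(q_1, \delta_2(q_2, e)), & \text{if } \delta_2(q_2, e)!,\ e \in E_2 \setminus E_1; \\
\text{undefined}, & \text{otherwise.}
\end{cases}$$

The parallel composition of $A_i$, $i = 1, 2, \ldots, n$ is called parallel distributed system, and is
defined based on the associativity property of parallel composition [34] as
$\overset{n}{\underset{i=1}{\|}} A_i := A_1 \| \ldots \| A_n := A_n \| (A_{n-1} \| (\cdots \| (A_2 \| A_1)))$.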

The obtained collective task is then compared with the original global task automaton using 
the bisimulation relation, in order to ensure that the team of agents understands the global 
specification, collectively. 

Definition 9: (Bisimulation [34]) Consider two automata $A_i = (Q_i, q_i^0, E, \delta_i)$, $i = 1, 2$. The
automaton $A_1$ is said to be similar to $A_2$ (or $A_2$ simulates $A_1$), denoted by $A_1 \prec A_2$, if there exists
a simulation relation $R$ from $A_1$ to $A_2$ over $Q_1$, $Q_2$ and with respect to $E$, i.e., (1) $(q_1^0, q_2^0) \in R$,
and (2) $\forall (q_1, q_2) \in R, q_1' \in \delta_1(q_1, e)$, then $\exists q_2' \in Q_2$ such that $q_2' \in \delta_2(q_2, e)$, $(q_1', q_2') \in R$ jMl.

Automata $A_1$ and $A_2$ are said to be bisimilar (bisimulate each other), denoted by $A_1 \cong A_2$ if
$A_1 \prec A_2$ with a simulation relation $R_1$, $A_2 \prec A_1$ with a simulation relation $R_2$ and $R_1^{-1} = R_2$
[35], where $R_1^{-1} = \{(y, x) \in Q_2 \times Q_1 \mid (x, y) \in R_1\}$.

Based on these definitions we may now formally define the decomposability of an automaton 
with respect to parallel composition and natural projections as follows. 

Definition 10: (Automaton decomposability) A task automaton $A_S$ with the event set $E$ and
local event sets $E_i$, $i = 1, \ldots, n$, $E = \bigcup_{i=1}^{n} E_i$, is said to be decomposable with respect to parallel
composition and natural projections $P_i$, $i = 1, \cdots, n$, when $\overset{n}{\underset{i=1}{\|}} P_i(A_S) \cong A_S$.



Example 1: The automaton A5: , 



h 63 



\ 



62 6 63 C 65 



with E = EiU E2 U E3, El = {a, c, ei, 65}, E2 = {a, 6,^,62}, ^3 = {^£,63}, Pi{As) 

pr J , , a £2 b d 



and P^{As) = ^.-t.^.^.,is decomposable as A, ^ Pi{As)\\P2{As)\\P3{As). 

Remark 1: Since bisimilarity is an equivalence relation it is also transitive, and hence Pi{Asys 
can be denoted as being bisimilar, rather than equal to the drawn automata, since Pl{As) = 

n n 

Pi{As), i = 1, . . . , and II Pl{As) = As is equivalent to || Pi{As) = As. 

i=l i=l 

In [1], we proposed a necessary and sufficient condition for the task decomposability with
respect to two agents. For more than two agents a hierarchical algorithm was proposed to
iteratively use the decomposability for two agents. The algorithm is a sufficient condition only,
as it can decompose the task automaton if at each stage the task is decomposable with respect
to one local event set and the rest of agents. For instance in Example 1, $A_S$ is decomposable as
$A_S \cong P_1(A_S) \| P_2(A_S) \| P_3(A_S)$, and choosing any of local event sets $E_1$, $E_2$ and $E_3$ the algorithm
passes the first stage of hierarchical decomposition, as $A_S \cong P_1(A_S) \| (P_2(A_S) \| P_3(A_S)) \cong
P_3(A_S) \| (P_1(A_S) \| P_2(A_S)) \cong P_2(A_S) \| (P_1(A_S) \| P_3(A_S))$, but it gets stuck at the second step, as
$P_{E_2 \cup E_3}(A_S) \ncong P_2(A_S) \| P_3(A_S)$, $P_{E_1 \cup E_2}(A_S) \ncong P_1(A_S) \| P_2(A_S)$ and $P_{E_1 \cup E_3}(A_S) \ncong P_1(A_S) \| P_3(A_S)$.
Moreover, it is possible to show by counterexamples that not all automata are decomposable 
with respect to parallel composition and natural projections (see following example). Then, a 
natural follow-up question is what makes an automaton decomposable. 



Problem 1: Given a deterministic task automaton $A_S$ with event set $E = \bigcup_{i=1}^{n} E_i$ and local event
sets $E_i$, $i = 1, \cdots, n$, what are the necessary and sufficient conditions that $A_S$ is decomposable
with respect to parallel composition and natural projections $P_i$, $i = 1, \cdots, n$, such that
$\overset{n}{\underset{i=1}{\|}} P_i(A_S) \cong A_S$?

III. TASK DECOMPOSITION FOR n AGENTS 

The main result on task automaton decomposition is given as follows. 

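Theorem 1: A deterministic automaton $A_S = \left(Q, q_0, E = \bigcup_{i=1}^{n} E_i, \delta\right)$ is decomposable with
respect to parallel composition and natural projections $P_i$, $i = 1, \ldots, n$ such that $A_S \cong \overset{n}{\underset{i=1}{\|}} P_i(A_S)$
if and only if

• DC1: $\forall e_1, e_2 \in E, q \in Q$: $[\delta(q, e_1)! \wedge \delta(q, e_2)!]$
$\Rightarrow [\exists E_i \in \{E_1, \ldots, E_n\}, \{e_1, e_2\} \subseteq E_i] \vee [\delta(q, e_1 e_2)! \wedge \delta(q, e_2 e_1)!]$;
• DC2: $\forall e_1, e_2 \in E, q \in Q, s \in E^*$: $[\delta(q, e_1 e_2 s)! \vee \delta(q, e_2 e_1 s)!]$
$\Rightarrow [\exists E_i \in \{E_1, \ldots, E_n\}, \{e_1, e_2\} \subseteq E_i] \vee [\delta(q, e_1 e_2 s)! \wedge \delta(q, e_2 e_1 s)!]$;
• DC3: $\forall q, q_1, q_2 \in Q$, strings $s, s'$ over $E$, $\delta(q, s) = q_1$, $\delta(q, s') = q_2$, $\exists i, j \in \{1, \cdots, n\}$,
$i \neq j$, $p_{E_i \cap E_j}(s)$, $p_{E_i \cap E_j}(s')$ start with $a \in E_i \cap E_j$: $\overset{n}{\underset{i=1}{\|}} P_i(A) \prec A_S(q)$ (where $A :=$
[diagram] and $A_S(q)$ denotes an automaton that is obtained from $A_S$, starting
from $q$), and
• DC4: $\forall i \in \{1, \ldots, n\}$, $x, x_1, x_2 \in Q_i$, $x_1 \neq x_2$, $e \in E_i$, $t \in E^*$, $x_1 \in \delta_i(x, e)$, $x_2 \in \delta_i(x, e)$:
$\delta_i(x_1, t)! \Leftrightarrow \delta_i(x_2, t)!$.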

Proof: In order for $A_S \cong \overset{n}{\underset{i=1}{\|}} P_i(A_S)$, from the definition of bisimulation, it is required to
have $A_S \prec \overset{n}{\underset{i=1}{\|}} P_i(A_S)$; $\overset{n}{\underset{i=1}{\|}} P_i(A_S) \prec A_S$, and the simulation relations are inverse of each other.
These requirements are provided by the following three lemmas.

Firstly, $\overset{n}{\underset{i=1}{\|}} P_i(A_S)$ always simulates $A_S$. Formally:

Lemma 1: Consider a deterministic automaton $A_S = \left(Q, q_0, E = \bigcup_{i=1}^{n} E_i, \delta\right)$ and natural
projections $P_i$, $i = 1, \ldots, n$. Then, it always holds that $A_S \prec \overset{n}{\underset{i=1}{\|}} P_i(A_S)$.

The similarity of $\overset{n}{\underset{i=1}{\|}} P_i(A_S)$ to $A_S$, however, is not always true (see Example 2), and needs
some conditions as stated in the following lemma.



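Lemma 2: Consider a deterministic automaton $A_S = \left(Q, q_0, E = \bigcup_{i=1}^{n} E_i, \delta\right)$ and natural
projections $P_i$, $i = 1, \ldots, n$. Then, $\overset{n}{\underset{i=1}{\|}} P_i(A_S) \prec A_S$ if and only if

• DC1: $\forall e_1, e_2 \in E, q \in Q$: $[\delta(q, e_1)! \wedge \delta(q, e_2)!]$
$\Rightarrow [\exists E_i \in \{E_1, \ldots, E_n\}, \{e_1, e_2\} \subseteq E_i] \vee [\delta(q, e_1 e_2)! \wedge \delta(q, e_2 e_1)!]$;
• DC2: $\forall e_1, e_2 \in E, q \in Q, s \in E^*$: $[\delta(q, e_1 e_2 s)! \vee \delta(q, e_2 e_1 s)!]$
$\Rightarrow [\exists E_i \in \{E_1, \ldots, E_n\}, \{e_1, e_2\} \subseteq E_i] \vee [\delta(q, e_1 e_2 s)! \wedge \delta(q, e_2 e_1 s)!]$;
• DC3: $\forall q, q_1, q_2 \in Q$, strings $s, s'$ over $E$, $\delta(q, s) = q_1$, $\delta(q, s') = q_2$, $\exists i, j \in \{1, \cdots, n\}$,
$i \neq j$, $p_{E_i \cap E_j}(s)$, $p_{E_i \cap E_j}(s')$ start with $a \in E_i \cap E_j$: $\overset{n}{\underset{i=1}{\|}} P_i(A) \prec A_S(q)$ (where $A :=$
[diagram] and $A_S(q)$ is an automaton that is obtained from $A_S$, starting from $q$).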



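Next, we need to show that for two simulation relations $R_1$ (for $A_S \prec \overset{n}{\underset{i=1}{\|}} P_i(A_S)$) and $R_2$
(for $\overset{n}{\underset{i=1}{\|}} P_i(A_S) \prec A_S$) defined by the above two lemmas, $R_1^{-1} = R_2$.

Lemma 3: Consider an automaton $A_S = (Q, q_0, E = E_1 \cup E_2, \delta)$ with natural projections
$P_i$, $i = 1, \ldots, n$. If $A_S$ is deterministic, $A_S \prec \overset{n}{\underset{i=1}{\|}} P_i(A_S)$ with the simulation relation $R_1$ and
$\overset{n}{\underset{i=1}{\|}} P_i(A_S) \prec A_S$ with the simulation relation $R_2$, then $R_1^{-1} = R_2$ (i.e., $\forall q \in Q, z \in Z$:
$(z, q) \in R_2 \Leftrightarrow (q, z) \in R_1$) if and only if DC4: $\forall i \in \{1, \ldots, n\}$, $x, x_1, x_2 \in Q_i$, $x_1 \neq x_2$, $e \in E_i$,
$t \in E^*$, $x_1 \in \delta_i(x, e)$, $x_2 \in \delta_i(x, e)$: $\delta_i(x_1, t)! \Leftrightarrow \delta_i(x_2, t)!$.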

Now, Theorem 1 is proven as follows. Firstly, conditions DC1 and DC2 in Theorem 1 are
equivalent to the respective conditions in Lemma 2 due to the logical equivalences $(p \wedge q) \Rightarrow r \equiv
q \Rightarrow (\neg p \vee r)$ and $p \Leftrightarrow q \equiv (p \vee q) \Rightarrow (p \wedge q)$, for any expressions $p$ and $q$. Then, according to
Definition 9, $A_S \cong \overset{n}{\underset{i=1}{\|}} P_i(A_S)$ if and only if $A_S \prec \overset{n}{\underset{i=1}{\|}} P_i(A_S)$ (that is always true due to Lemma
1), $\overset{n}{\underset{i=1}{\|}} P_i(A_S) \prec A_S$ (that it is true if and only if DC1, DC2 and DC3 are true, according
to Lemma 2) and $R_1^{-1} = R_2$ (that for a deterministic automaton $A_S$, when $A_S \prec \overset{n}{\underset{i=1}{\|}} P_i(A_S)$
with simulation relation $R_1$ and $\overset{n}{\underset{i=1}{\|}} P_i(A_S) \prec A_S$ with simulation relation $R_2$, due to Lemma 3,
$R_1^{-1} = R_2$ holds true if and only if DC4 is satisfied). Therefore, $A_S \cong \overset{n}{\underset{i=1}{\|}} P_i(A_S)$ if and only
if DC1, DC2, DC3 and DC4 are satisfied. ■

Remark 2: Intuitively, the decomposability condition DC1 means that for any decision on
the selection between two transitions there should exist at least one agent that is capable of
the decision making, or the decision should not be important (both permutations in any order
be legal). DC2 says that for any decision on the order of two successive events before any
string, either there should exist at least one agent capable of such decision making, or the
decision should not be important, i.e., any order would be legal for occurrence of that string.
The condition DC3 means that the interleaving of strings from local task automata that share the
first appearing shared event ($p_{E_i \cap E_j}(s)$ and $p_{E_i \cap E_j}(s')$ start with the same event $a \in E_i \cap E_j$),
should not allow a string that is not allowed in the original task automaton. In other words, DC3
is to ensure that an illegal behavior (a string that does not appear in $A_S$) is not allowed by the
team (does not appear in $\overset{n}{\underset{i=1}{\|}} P_i(A_S)$). The last condition, DC4, deals with the nondeterminism
of local automata. Here, $A_S$ is deterministic, whereas $P_i(A_S)$ could be nondeterministic. DC4
ensures the determinism of bisimulation quotient of local task automata, in order to guarantee
that the simulation relations from $A_S$ to $\overset{n}{\underset{i=1}{\|}} P_i(A_S)$ and vice versa are inverse of each other. By
providing this property, DC4 guarantees that a legal behavior (appearing in $A_S$) is not disabled
by the team (appears in $\overset{n}{\underset{i=1}{\|}} P_i(A_S)$).

Example 1 showed a decomposable automaton. The following example illustrates automata
that are indecomposable due to violation of one of the decomposability conditions DC1-DC4,
respectively, although they satisfy the other three conditions.

Example 2: The automata $A_1$: [diagram] with local event sets $E_1 = \{e_1, e_3\}$, $E_2 =
\{e_2\}$, $E_3 = \{e_3\}$; $A_2$: [diagram] with $E_1 = \{a, e_1\}$, $E_2 = \{a, e_2\}$;
$A_3$: [diagram] with $E_1 = \{a, b, e_1\}$, $E_2 = \{a, b, e_2\}$, $E_3 = \{b\}$, and $A_4$: [diagram]
with $E = E_1 \cup E_2 \cup E_3$, $E_1 = \{a, b, e_1, e_2, e_3\}$,
$E_2 = E_3 = \{a, b, e_2, e_3\}$ are not decomposable as they respectively do not satisfy DC1, DC2,
DC3 and DC4, while fulfilling the other three conditions.



Remark 3: (Decidability of the conditions) Since this work deals with finite state automata,
the expression $s \in E^*$ in the decomposability conditions can be checked over finite states as
follows.

The first condition DC1 involves no expression "$s \in E^*$", and hence, can be checked
over the finite number of states and transitions. According to the definition, the second
condition DC2: $\forall e_1, e_2 \in E, q \in Q, s \in E^*, \forall E_i \in \{E_1, \ldots, E_n\}, \{e_1, e_2\} \not\subset E_i$: $\delta(q, e_1 e_2 s)! \Leftrightarrow
\delta(q, e_2 e_1 s)!$; (or DC2: $\forall e_1, e_2 \in E, q \in Q, s \in E^*$: $[\delta(q, e_1 e_2 s)! \vee \delta(q, e_2 e_1 s)!] \Rightarrow [\exists E_i \in
\{E_1, \ldots, E_n\}, \{e_1, e_2\} \subseteq E_i] \vee [\delta(q, e_1 e_2 s)! \wedge \delta(q, e_2 e_1 s)!]$) can be checked by showing the
existence of a relation $R_2$ on the states reachable from $\delta(q, e_1 e_2)$ and $\delta(q, e_2 e_1)$ as $(\delta(q, e_1 e_2), \delta(q, e_2 e_1)) \in
R_2$, $\forall (q_1, q_2) \in R_2, e \in E$:

1) $\delta(q_1, e) = q_1' \Rightarrow \exists q_2' \in Q, \delta(q_2, e) = q_2', (q_1', q_2') \in R_2$, and

2) $\delta(q_2, e) = q_2' \Rightarrow \exists q_1' \in Q, \delta(q_1, e) = q_1', (q_1', q_2') \in R_2$.

For instance, $A_2$ in Example 2 violates DC2 as $(\delta(q_0, e_1 e_2), \delta(q_0, e_2 e_1)) \in R_2$, $\exists e_2 \in E$,
$\delta(\delta(q_0, e_1 e_2), e_2)!$, but $\neg\delta(\delta(q_0, e_2 e_1), e_2)!$.

Checking DC3 also can be done over finite states by corresponding the pairs of strings $s, s'$
such that $\exists q, q_1, q_2 \in Q$, $\delta(q, s) = q_1$, $\delta(q, s') = q_2$, $\exists i, j \in \{1, \cdots, n\}$, $i \neq j$, $p_{E_i \cap E_j}(s)$,
$p_{E_i \cap E_j}(s')$ start with $a \in E_i \cap E_j$, and then forming $A :=$ [diagram] and $A_S(q)$ (an
automaton that is obtained from $A_S$, starting from $q$), and checking $\overset{n}{\underset{i=1}{\|}} P_i(A) \prec A_S(q)$. For
example, consider $A_3$ in Example 2 and let $s_1$, $s_2$ and $s_3$ denote its strings from top to bottom.
This automaton is not decomposable since $\overset{n}{\underset{i=1}{\|}} P_i(A) \nprec A_S(q_0)$ for $A :=$ [diagram].
Here, $s_1$ and $s_2$ synchronize on $a \in E_1 \cap E_2$ and generate a new string $e_1 a b e_2$ in $\overset{n}{\underset{i=1}{\|}} P_i(A)$ that
does not appear in $A_S$. The fourth condition (DC4: $\forall i \in \{1, \ldots, n\}$, $x, x_1, x_2 \in Q_i$, $x_1 \neq x_2$,
$e \in E_i$, $t \in E^*$, $x_1 \in \delta_i(x, e)$, $x_2 \in \delta_i(x, e)$: $\delta_i(x_1, t)! \Leftrightarrow \delta_i(x_2, t)!$) also can be checked over
finite states, by checking the existence of a relation $R_4$ on the states reachable from $x_1$ and $x_2$
as $(x_1, x_2) \in R_4$, $\forall (x_3, x_4) \in R_4$, $e \in E$:

1) $x_3' \in \delta_i(x_3, e) \Rightarrow \exists x_4' \in Q_i, x_4' \in \delta_i(x_4, e), (x_3', x_4') \in R_4$, and

2) $x_4' \in \delta_i(x_4, e) \Rightarrow \exists x_3' \in Q_i, x_3' \in \delta_i(x_3, e), (x_3', x_4') \in R_4$.

Definition of this relation is a direct implication of DC4 that requires identical strings after any
nondeterministic transition in any local automaton. For example, the task automaton $A_4$ in
Example 2 does not satisfy DC4, as for $P_2(A_S) = P_3(A_S) =$ [diagram],
$R_4 = \{(y_1, y_4), (y_2, y_5), (y_3, y_6)\}$, $(y_3, y_6) \in R_4$, $\exists e_3 \in E$, $\delta_2(y_6, e_3)!$, but $\neg\delta_2(y_3, e_3)!$.

Remark 4: (Complexity) Let \Q'\ be the summation of number of states in two longest 

branches of and \Q\, \E\ and n denote the size of the state space, the size of the event 

set and the number of agents (number of local event sets), respectively. 

The complexity of DCl is of the order of l-Ep x \Q\, as the pairs of events have to be 

checked ( O 1^ 1^ j j = O [^mi^) = O (MlEhll^ ~ Q {\Ef)) from each state i\Q\). 

Complexity of DC2 is calculated as the order of x \Q\ x \6\ = \E\^ x \Q\^ as investigating 
pairs of events from each state is of the order of \E\'^ x \Q\ as discussed for DCl and the 
cardinality of the relation 5 in the worst case is \5\max = \Q\ x \E\ x \Q\ due to the checking of 
events from pairs of states in R2. The complexity of DCS on the other hand is of the order of 
(n X \E\ X \Q'\ + ig'l" X \E\ + IQ'p" x |E|) x ^ |Q'|2« x \E\\ where nx\E\x \Q'\ is for the 
natural projections; x \E\ is because of parallel compositions; \Q'\'^^ x \E\ is for checking 

n 

II Pi (A) -< As{q), and l-Ep is due to picking the pairs of strings as it was discussed for DCl. 

1=1 

Finally, DCA has the complexity of the order of n x 1^1 x\Q\+nx \Q\'^ x 1^1 ^ n x |Qp x \E\, 
where the first term is due to checking of each event from each state in each agent, and the 
second one comes from the checking of each event from pairs of states for each agent in R2. 

The complexity of the direct method for decomposability, i.e., obtaining the natural projections, 
doing parallel composition and comparing with the original automaton, has the order of n x 
1^1 X |Q| + |Q|"x |E| + |g| X \E\ X |Q| + |g|"x |E| X |Q|" + |Q| x \Q\^ ^ \Q\^^ x \E\, where 
the first term is due to the natural projection for each agent, the second one because of parallel 

n 

composition, the third and fourth terms for checking the simulation relations As -< \\ Pi{As) 



1=1 



and 1 1 Pi (As) -< As, and the last term is for checking that the simulation relations are inverse 

i=l 

of each other. 

Therefore, the complexity of the proposed method is |Q'p" x \E\'^ while the complexity of 
the method with constructing the parallel composition of the natural projections and checking 
the bisimilarity with the initial automaton is of the order |Qp" x l^'l. In practice, \Q'\ <^ \Q\ 
and hence for large scale systems with a big n, the proposed method yields less complexity. 



More importantly, the proposed method provides some guidelines on the structure of the
global specification automaton and the distribution of the events among the agents in order for
decomposability.

Remark 5: (Insights on enforcing the decomposability conditions) The result in Theorem 1
provides us some hints for ruling out indecomposable task automata and for enforcing the violated
decomposability conditions. For example, if $\exists e_1, e_2 \in E, q \in Q$: $[\delta(q, e_1)! \wedge \delta(q, e_2)!]$ but neither
$\exists E_i \in \{E_1, \ldots, E_n\}, \{e_1, e_2\} \subseteq E_i$ nor $\delta(q, e_1 e_2)! \wedge \delta(q, e_2 e_1)!$, then $A_S$ is not decomposable
due to the violation of DC1. To remove this violation there should exist an agent with local
event set $E_i \in \{E_1, \ldots, E_n\}$ such that $\{e_1, e_2\} \subseteq E_i$. For instance, for $A_1$ in Example 2
if $E_2 = \{e_1, e_2\}$ and $E_3 = \{e_2, e_3\}$, then DC1 was satisfied. This solution also works for
an indecomposability of $A_S$ due to a violation of DC2 where $\exists e_1, e_2 \in E, q \in Q, s \in E^*$:
$\delta(q, e_1 e_2 s)! \vee \delta(q, e_2 e_1 s)!$ but neither $\exists E_i \in \{E_1, \ldots, E_n\}, \{e_1, e_2\} \subseteq E_i$ nor $\delta(q, e_1 e_2 s)! \wedge
\delta(q, e_2 e_1 s)!$. Violation of other two conditions, DC3 and DC4, is caused due to synchronization
of two different branches $s$ and $s'$ from different local task automata, say $P_i(A_S)$ and $P_j(A_S)$, on
a common event $a \in E_i \cap E_j$. This synchronization may impose an ambiguity in understanding
of $A_S$, when $P_i(A_S)$ and $P_j(A_S)$ synchronize on $a$. If one string in $P_i(A_S)$ after synchronization
on $a$, continues to another string in $P_j(A_S)$ and this interleaving generates a new string in
$\overset{n}{\underset{i=1}{\|}} P_i(A_S)$ that does not appear in $A_S$, then DC3 is dissatisfied, whereas if this interleaving
causes that a string in $A_S$ cannot be completed in $\overset{n}{\underset{i=1}{\|}} P_i(A_S)$, then DC4 is violated. DC4
can be also violated due to a nondeterminism on a private event in a local automaton, which
again causes an ambiguity in the collective task $\overset{n}{\underset{i=1}{\|}} P_i(A_S)$. One way to remove this ambiguity
is therefore by introducing the first events in $s$ and $s'$ to both $E_i$ and $E_j$. In this case the
synchronization on event $a$ will only occur on the projections of identical strings from $A_S$
and also it avoids the nondeterminism in local automata. For example, the task automaton $A_S$:
[diagram] with local event sets $E_1 = \{a, e_1, e_3\}$ and $E_2 = \{a, e_2\}$ satisfies
DC1 and DC2, but violates DC3 and DC4, and hence is not decomposable as the parallel
composition of $P_1(A_S) \cong$ [diagram], and $P_2(A_S) \cong$ [diagram], is
$P_1(A_S) \| P_2(A_S) \cong$ [diagram]. Now, inclusion of $e_1$ in
$E_2$ leads to $P_2(A_S) \cong$ [diagram] and makes $A_S$ decomposable.
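An added example, not code from the paper: the direct decomposability check of Definitions 7 to 10 (project onto each local event set, compose, compare by bisimulation), run on three constructed automata that show a DC1 violation, a DC2 violation and the repair suggested in Remark 5. The class and function names and the automata `CHOICE`, `ORDER` and `DIAMOND` are assumptions made for this illustration.

```python
from itertools import product

class Automaton:
    """(Q, q0, E, delta); delta maps (state, event) to a set of successors."""
    def __init__(self, init, events, delta):
        self.init, self.events = init, frozenset(events)
        self.delta = {k: set(v) for k, v in delta.items()}

    def post(self, q, e):
        return self.delta.get((q, e), set())

    def states(self):
        """Reachable states only (the Ac operator of Definition 3)."""
        seen, todo = {self.init}, [self.init]
        while todo:
            q = todo.pop()
            for e in self.events:
                new = self.post(q, e) - seen
                seen |= new
                todo.extend(new)
        return seen

def project(a, local):
    """Natural projection (Definition 7): merge states linked by non-local events."""
    local, states = frozenset(local), a.states()
    parent = {q: q for q in states}
    def find(q):
        while parent[q] != q:
            q = parent[q]
        return q
    for (q, e), succs in a.delta.items():
        if q in states and e not in local:
            for q2 in succs:
                parent[find(q)] = find(q2)
    members = {}
    for q in states:
        members.setdefault(find(q), set()).add(q)
    cls = {q: frozenset(members[find(q)]) for q in states}
    delta = {}
    for (q, e), succs in a.delta.items():
        if q in states and e in local:
            delta.setdefault((cls[q], e), set()).update(cls[q2] for q2 in succs)
    return Automaton(cls[a.init], local, delta)

def compose(parts):
    """Parallel composition (Definition 8), built for all n automata at once."""
    events = frozenset().union(*(p.events for p in parts))
    init = tuple(p.init for p in parts)
    delta, seen, todo = {}, {init}, [init]
    while todo:
        q = todo.pop()
        for e in events:
            # Every component that owns e must move; the others stay put.
            moves = [p.post(qi, e) if e in p.events else {qi} for p, qi in zip(parts, q)]
            succs = set(product(*moves))  # empty when an owner of e is blocked
            if succs:
                delta[(q, e)] = succs
                todo.extend(succs - seen)
                seen |= succs
    return Automaton(init, events, delta)

def bisimilar(a, b):
    """Definition 9: greatest relation that is a simulation in both directions."""
    rel = set(product(a.states(), b.states()))
    def ok(x, y, e):
        xs, ys = a.post(x, e), b.post(y, e)
        return (all(any((x2, y2) in rel for y2 in ys) for x2 in xs) and
                all(any((x2, y2) in rel for x2 in xs) for y2 in ys))
    changed = True
    while changed:
        bad = {(x, y) for x, y in rel if not all(ok(x, y, e) for e in a.events | b.events)}
        rel -= bad
        changed = bool(bad)
    return (a.init, b.init) in rel

def team(a, local_sets):
    """Collective task: parallel composition of the local projections."""
    return compose([project(a, ei) for ei in local_sets])

def decomposable(a, local_sets):
    """Definition 10: A is decomposable iff the collective task is bisimilar to A."""
    return bisimilar(a, team(a, local_sets))

def language(a, depth):
    """Strings of length <= depth generated from the initial state (Definition 4)."""
    words, frontier = {()}, {((), a.init)}
    for _ in range(depth):
        frontier = {(w + (e,), q2) for w, q in frontier for e in a.events for q2 in a.post(q, e)}
        words |= {w for w, _ in frontier}
    return words

def det(init, events, edges):
    """Deterministic automaton from (source, event, target) triples."""
    return Automaton(init, events, {(q, e): {q2} for q, e, q2 in edges})

# Constructed examples (not the paper's figures).
CHOICE = det("q0", {"e1", "e2"}, [("q0", "e1", "q1"), ("q0", "e2", "q2")])
ORDER = det("q0", {"e1", "e2"}, [("q0", "e1", "q1"), ("q1", "e2", "q2")])
DIAMOND = det("q0", {"e1", "e2"}, [("q0", "e1", "q1"), ("q1", "e2", "q3"),
                                   ("q0", "e2", "q2"), ("q2", "e1", "q3")])
```

With local event sets `[{"e1"}, {"e2"}]`, `DIAMOND` is decomposable while `CHOICE` (DC1) and `ORDER` (DC2) are not; `language(team(...), 2) - language(..., 2)` lists the illegal strings the team would allow. Giving one agent both events, e.g. `[{"e1", "e2"}, {"e2"}]`, makes both decomposable.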



Once the task is decomposed into local tasks and the local controllers are designed for each 
local plant, the next question is guaranteeing the global specification, provided each local closed 
loop system satisfies its corresponding local specification. 

The cooperative tasking result can be now presented as follows. 

Theorem 2: Consider a plant, represented by a parallel distributed system $\overset{n}{\underset{i=1}{\|}} A_{P_i}$, with given
local event sets $E_i$, $i = 1, \ldots, n$, and let the global specification be given by a deterministic task
automaton $A_S$, with $E = \bigcup_{i=1}^{n} E_i$. Then, designing local controllers $A_{C_i}$, so that $A_{C_i} \| A_{P_i} \cong
P_i(A_S)$, $i = 1, \cdots, n$, derives the global closed loop system to satisfy the global specification
$A_S$, in the sense of bisimilarity, i.e., $\overset{n}{\underset{i=1}{\|}} (A_{C_i} \| A_{P_i}) \cong A_S$, provided DC1, DC2, DC3 and
DC4 for $A_S$.

Proof: The following two lemmas are used during the proof.

Lemma 4: (Associativity of parallel composition [34]) $P_1(A_S) \| P_2(A_S) \| \cdots \| P_{n-1}(A_S) \| P_n(A_S) \cong P_n(A_S) \| (P_{n-1}(A_S) \| (\cdots \| (P_2(A_S) \| P_1(A_S))))$.

Lemma 5: [1] If two automata $A_2$ and $A_4$ (bi)simulate, respectively, $A_1$ and $A_3$, then $A_2 \| A_4$
(bi)simulates $A_1 \| A_3$, i.e.,

1) $(A_1 \prec A_2) \wedge (A_3 \prec A_4) \Rightarrow (A_1 \| A_3 \prec A_2 \| A_4)$;

2) $(A_1 \cong A_2) \wedge (A_3 \cong A_4) \Rightarrow (A_1 \| A_3 \cong A_2 \| A_4)$.

Now, satisfying DC1-DC4 for $A_S$, according to Theorem 1, leads to decomposability of $A_S$
into local task automata $P_i(A_S)$, $i = 1, \ldots, n$, such that $A_S \cong \|_{i=1}^{n} P_i(A_S)$. Then, choosing local
controllers $A_{C_i}$, so that $A_{C_i} \| A_{P_i} \cong P_i(A_S)$, $i = 1, 2, \ldots, n$, due to Lemmas 4 and 5.2, results
in $\|_{i=1}^{n} (A_{C_i} \| A_{P_i}) \cong \|_{i=1}^{n} P_i(A_S) \cong A_S$. ■

Now, if DC1-DC4 is reduced to DC1-DC3 (conditions in Theorem 1 are reduced into the
conditions in Lemma 2), then $\|_{i=1}^{n} P_i(A_S) \cong A_S$ is reduced into $\|_{i=1}^{n} P_i(A_S) \prec A_S$, and hence,
choosing local controllers $A_{C_i}$, so that $A_{C_i} \| A_{P_i} \prec P_i(A_S)$, $i = 1, 2, \ldots, n$, due to Lemmas 4
and 5.1, leads to $\|_{i=1}^{n} (A_{C_i} \| A_{P_i}) \prec \|_{i=1}^{n} P_i(A_S) \prec A_S$. Therefore,

Corollary 1: Considering the plant and global task as stated in Theorem 2, if DC1-DC3 are
satisfied, then designing local controllers $A_{C_i}$, so that $A_{C_i} \| A_{P_i} \prec P_i(A_S)$, $i = 1, \ldots, n$, derives
the global closed loop system to satisfy the global specification $A_S$, in the sense of similarity,
i.e., $\|_{i=1}^{n} (A_{C_i} \| A_{P_i}) \prec A_S$.

In the following example, we recall the task automaton of the cooperative multi-robot scenario
from [1] (with the correction of robot indices $R_2$, $R_1$ and $R_3$ from right to the left), where
the global task automaton has been decomposed into local task automata using a hierarchical
approach as a sufficient condition by which the decomposability conditions for 2 agents are
successively used for $n$ agents. Here, we decompose $A_S$ directly using Theorem 1.

Example 3: (Revisiting Example in Section 5 for decomposability using Theorem 1) Consider
a team of three robots $R_1$, $R_2$ and $R_3$ in Figure 1, initially in Room 1. All doors




Fig. 1. The environment of MRS coordination example. 

are equipped with spring to be closed automatically, when there is no force to keep them
open. After a help announcement from Room 2, the Robot $R_2$ is required to go to Room
2, urgently from the one-way door $D_2$ and accomplish its task there and come back
immediately to Room 1 from the two-way, but heavy door $D_1$ that needs the cooperation of two
robots $R_1$ and $R_3$ to be opened. To save time, as soon as the robots hear the help request
from Room 2, $R_2$ and $R_3$ go to Rooms 2 and 3, from $D_2$ and the two-way door $D_3$,
respectively, and then $R_1$ and $R_3$ position on $D_1$, synchronously open $D_1$ and wait for the
accomplishment of the task of $R_2$ in Room 2 and returning to Room 1 ($R_2$ is fast enough).
Afterwards, $R_1$ and $R_3$ move backward to close $D_1$ and then $R_3$ returns back to Room 1 from
$D_3$. All robots then stay at Room 1 for the next task [1]. These requirements can be translated
into a task automaton for the robot team as it is illustrated in Figure 2, defined over local
event sets $E_1 = \{h_1, R_1toD_1, R_1onD_1, FWD, D_1opened, R_2in1, BWD, D_1closed, r\}$,
$E_2 = \{h_2, R_2to2, R_2in2, D_1opened, R_2to1, R_2in1, r\}$, and
$E_3 = \{h_3, R_3to3, R_3in3, R_3toD_1, R_3onD_1, FWD, D_1opened, R_2in1, BWD, D_1closed, R_3to1, R_3in1, r\}$,
with $h_i$ := $R_i$ received help request, $i = 1, 2, 3$; $R_jtoD_1$ := command for $R_j$ to position on
$D_1$, $j = 1, 3$; $R_jonD_1$ := $R_j$ has positioned on $D_1$, $j = 1, 3$; $FWD$ := command for moving
forward (to open $D_1$); $BWD$ := command for moving backward (to close $D_1$); $D_1opened$ := $D_1$
has been opened; $D_1closed$ := $D_1$ has been closed; $r$ := command to go to initial state for the
next implementation; $R_itok$ := command for $R_i$ to go to Room $k$, and $R_iink$ := $R_i$ has gone
to Room $k$, $i = 1, 2, 3$, $k = 1, 2, 3$.

Fig. 2. Task automaton $A_S$ for robot team.



To check the decomposability of $A_S$ using Theorem 1, firstly DC1 and DC2 are satisfied since
for any order/selection on the pairs of events, each from one of the sets
$\{h_1, R_1toD_1, R_1onD_1\} \subseteq E_1 \setminus \{E_2 \cup E_3\}$, $\{h_2, R_2to2, R_2in2\} \subseteq E_2 \setminus \{E_1 \cup E_3\}$ and
$\{h_3, R_3to3, R_3in3, R_3toD_1, R_3onD_1\} \subseteq E_3 \setminus \{E_1 \cup E_2\}$, and also the pairs of event $FWD$,
paired with events from $\{h_2, R_2to2, R_2in2\}$, the events appear in both orders in the automaton.
The rest of orders/selections on transitions that are not legal in both orders can be decided by
at least one agent, as $\{R_1onD_1, FWD\} \subseteq E_1$, $\{R_3onD_1, FWD\} \subseteq E_3$,
$\{FWD, D_1opened\} \subseteq E_1$, $\{D_1opened, R_2to1\} \subseteq E_2$, $\{R_2to1, R_2in1\} \subseteq E_2$,
$\{R_2in1, BWD\} \subseteq E_1$, $\{BWD, D_1closed\} \subseteq E_3$, $\{D_1closed, R_3to1\} \subseteq E_3$,
$\{R_3to1, R_3in1\} \subseteq E_3$, $\{R_3in1, r\} \subseteq E_3$, $\{r, h_1\} \subseteq E_1$, $\{r, h_2\} \subseteq E_2$, $\{r, h_3\} \subseteq E_3$.
Moreover, since starting from any state, each shared event
$e \in \{FWD, D_1opened, R_2in1, BWD, D_1closed, r\}$ appears in only one branch, DC3 is satisfied.
Furthermore, DC4 is also satisfied since $P_i(A_S)$, $i = 1, 2, 3$ are deterministic automata.
Therefore, according to Theorem 1, $A_S$ is decomposable into $P_i(A_S)$, $i = 1, 2, 3$, as illustrated
in Figure 3, whose parallel composition bisimulates $A_S$.

Fig. 3. $P_1(A_S)$ for $R_1$; $P_2(A_S)$ for $R_2$ and $P_3(A_S)$ for $R_3$.

Choosing local controllers $A_{C_i} := P_i(A_S)$ leads to $A_{C_i} \| A_{P_i} \cong P_i(A_S)$, $i = 1, 2, 3$, that
according to Theorem 2 results in $\|_{i=1}^{n} (A_{C_i} \| A_{P_i}) \cong \|_{i=1}^{n} P_i(A_S) \cong A_S$, i.e., the team of
controlled robots collectively satisfy the global specification $A_S$. Suppose that $R_1$ does not
inform the occurrence $D_1opened$ to $R_2$. In that case, there would not exist an agent to decide on
the order of the event pair $\{D_1opened, R_2to1\}$ and the task would be undecomposable. According
to the insight from DC2, sharing $D_1opened$ between $R_1$ and $R_2$ makes $A_S$ decomposable. The
scenario has been successfully implemented on a team of three ground robots. We include a brief
version of the example in the paper and, due to the restriction in space, the readers are referred
to [1] for the description and figures of the scenario and the global task.



IV. CONCLUSION 

The paper proposed a formal method for automaton decomposability, applicable in top-down 
decentralized cooperative control of distributed discrete event systems. Given a set of agents 
whose logical behaviors are modeled in a parallel distributed system, and a global task automaton, 
the paper has the following contributions: firstly, we provide necessary and sufficient conditions 
for decomposability of an automaton with respect to parallel composition and natural projections 
into an arbitrary finite number of local event sets, and secondly, it has been shown that if a global 
task automaton is decomposed for individual agents, designing a local supervisor for each agent, 
satisfying its local task, guarantees that the closed loop system of the team of agents satisfies 
the global specification. 

The proposed decomposability conditions can be applied to discrete event systems in which
all states are marked. Examples of such systems include manufacturing machines with
routine tasks, execution of PLC (Programmable Logic Controller) systems in which the subroutines
are visited iteratively, and any other systems in which all states should be visited
and hence can be treated as marked states. Therefore, future work includes the extension
of the results to the class of systems with only some of the states as marked states. For this
purpose new decomposability conditions have to be developed such that the composition of local
automata preserves the marked states of the global task automaton. Other interesting directions
on this topic are fault-tolerant task decomposition in spite of failure in some events, and
decomposabilizability of an indecomposable task automaton by modifying the event distribution.

Appendix A 

Definitions 

This part provides some definitions to be used during the proofs of the lemmas in the Appendix.
Firstly, successive event pair and adjacent event pair are defined as follows.

Definition 11: (Successive event pair) Two events $e_1$ and $e_2$ are called successive events if
$\exists q \in Q: \delta(q, e_1)! \wedge \delta(\delta(q, e_1), e_2)!$ or $\delta(q, e_2)! \wedge \delta(\delta(q, e_2), e_1)!$.

Definition 12: (Adjacent event pair) Two events $e_1$ and $e_2$ are called adjacent events if
$\exists q \in Q: \delta(q, e_1)! \wedge \delta(q, e_2)!$.

We will also use synchronized product of languages in the following section, defined as 
follows. 



Definition 13: (Synchronized product of languages [32]) Consider a global event set $E$ and
local event sets $E_i$, $i = 1, \ldots, n$, such that $E = \bigcup_{i=1}^{n} E_i$. For a finite set of languages
$\{L_i \subseteq E_i^*\}_{i=1}^{n}$, the synchronized product (product language) of $\{L_i\}$, denoted by
$|_{i=1}^{n} L_i$, is defined as

$|_{i=1}^{n} L_i = \{s \in E^* \mid \forall i \in \{1, \ldots, n\}: p_i(s) \in L_i\} = \bigcap_{i=1}^{n} p_i^{-1}(L_i)$.

Remark 6: Using the product language, it is then possible to characterize the language of
parallel composition of two automata $A_1$ and $A_2$, with respective event sets $E_1$ and $E_2$, in terms
of their languages, as $L(A_1 \| A_2) = L(A_1) | L(A_2) = p_1^{-1}(L(A_1)) \cap p_2^{-1}(L(A_2))$ with
$p_i : (E_1 \cup E_2)^* \to E_i^*$, $i = 1, 2$ [32]. Accordingly, the interleaving of two strings is defined as
the product language of their respective automata as follows. Let
$A_1 = (\{q_1, \ldots, q_n\}, \{q_1\}, E_1 = \{e_1, \ldots, e_n\}, \delta_1)$ and
$A_2 = (\{q'_1, \ldots, q'_m\}, \{q'_1\}, E_2 = \{e'_1, \ldots, e'_m\}, \delta_2)$ denote path automata (automata with
only one branch) $q_1 \to q_2 \to \cdots \to q_n$ and $q'_1 \to q'_2 \to \cdots \to q'_m$, respectively. Then,
$L(A_1 \| A_2) = \overline{s} | \overline{s'} = p_1^{-1}(\overline{s}) \cap p_2^{-1}(\overline{s'})$ with $s = e_1, \ldots, e_n$,
$s' = e'_1, \ldots, e'_m$, and $p_i : (E_1 \cup E_2)^* \to E_i^*$, $i = 1, 2$. Here, $\overline{s}$
denotes the prefix-closure of a string, defined as the set of all prefixes of the string. Formally,
if $s$ is the event sequence $s := e_1 e_2 \ldots e_n$, then $\overline{s} := \{\varepsilon, e_1, e_1 e_2, \ldots, e_1 e_2 \ldots e_n\}$.

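Example 4: Consider three strings $s_1 = e_1 a$, $s_2 = a e_2$ and $s_3 = a e_1$. Then the interleaving
of $s_1$ and $s_2$ is $\overline{s_1} | \overline{s_2} = \overline{e_1 a e_2}$ while the interleaving of two strings $s_2$ and $s_3$
becomes $\overline{s_2} | \overline{s_3} = \overline{\{a e_1 e_2, a e_2 e_1\}}$.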
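An added example (not code from the paper): Definition 13's synchronized product implemented through natural projections, reproducing the two interleavings of Example 4 and the remark in Example 3 about not sharing $D_1opened$ with $R_2$. The function names, the `P2_UNINFORMED` variant and the two test strings are illustrative; each robot's local task is assumed to be one cycle through $E_i$ in the order the page lists its events, and `interleavings` returns the maximal strings of the prefix-closed product.

```python
def project(s, alphabet):
    """Natural projection p_i: erase every event that is not in E_i."""
    return tuple(e for e in s if e in alphabet)

def in_local(word, path, cyclic):
    """True if word is a prefix of path (path repeated forever when cyclic)."""
    if not cyclic and len(word) > len(path):
        return False
    return all(e == path[k % len(path)] for k, e in enumerate(word))

def in_product(s, comps):
    """Definition 13: s is in the product iff p_i(s) is in L_i for every i.

    Each component is (E_i, path, cyclic); s must be a string over the union.
    """
    union = set().union(*(E for E, _, _ in comps))
    return set(s) <= union and all(
        in_local(project(s, E), path, cyc) for E, path, cyc in comps)

def interleavings(comps):
    """Maximal strings of the product of finite (non-cyclic) path automata."""
    events = sorted(set().union(*(E for E, _, _ in comps)))
    maximal, stack = set(), [()]
    while stack:
        s = stack.pop()
        longer = [s + (e,) for e in events if in_product(s + (e,), comps)]
        if longer:
            stack.extend(longer)
        else:
            maximal.add(s)
    return maximal

def path(*events, cyclic=False):
    """Path automaton whose event set is exactly the events on the path."""
    return (frozenset(events), events, cyclic)

# Example 4: s1 = e1 a, s2 = a e2, s3 = a e1.
S1, S2, S3 = path("e1", "a"), path("a", "e2"), path("a", "e1")

# Example 3. Assumption: each local task is one cycle that visits the events
# of E_i in the order the page lists them, closed by r.
P1 = path("h1", "R1toD1", "R1onD1", "FWD", "D1opened", "R2in1", "BWD",
          "D1closed", "r", cyclic=True)
P2 = path("h2", "R2to2", "R2in2", "D1opened", "R2to1", "R2in1", "r",
          cyclic=True)
P3 = path("h3", "R3to3", "R3in3", "R3toD1", "R3onD1", "FWD", "D1opened",
          "R2in1", "BWD", "D1closed", "R3to1", "R3in1", "r", cyclic=True)
# Hypothetical variant: D1opened is not shared with R2 (removed from E2).
P2_UNINFORMED = path("h2", "R2to2", "R2in2", "R2to1", "R2in1", "r",
                     cyclic=True)
# Constructed strings: R2 heads back before D1 is open, and one nominal round.
EARLY_RETURN = ("h2", "R2to2", "R2in2", "R2to1")
NOMINAL = ("h1", "h2", "h3", "R1toD1", "R1onD1", "R2to2", "R2in2", "R3to3",
           "R3in3", "R3toD1", "R3onD1", "FWD", "D1opened", "R2to1", "R2in1",
           "BWD", "D1closed", "R3to1", "R3in1", "r")

def team_allows(string, p2=P2):
    """Can the composed team P1 || p2 || P3 execute `string`?"""
    return in_product(string, [P1, p2, P3])

if __name__ == "__main__":
    print(interleavings([S1, S2]))                   # one string: e1 a e2
    print(interleavings([S2, S3]))                   # a e1 e2 and a e2 e1
    print(team_allows(EARLY_RETURN))                 # False
    print(team_allows(EARLY_RETURN, P2_UNINFORMED))  # True
```

With $D_1opened$ in $E_2$ the composed team rejects $R_2to1$ before the door is open; once the event is removed from $E_2$ no local automaton observes both events, so the composition accepts either order.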

Appendix B 
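Proof for Lemma 1

Recalling Lemma 1 in [1], stating that for a deterministic automaton $A_S = (Q, q_0, E = E_1 \cup E_2, \delta)$,
$A_S \prec P_1(A_S) \| P_2(A_S)$, it leads to
$P_{\bigcup_{i=m}^{n} E_i}(A_S) \prec P_m(A_S) \| P_{\bigcup_{i=m+1}^{n} E_i}(A_S)$, $m = 1, \ldots, n-1$,
for $A_S = (Q, q_0, E = \bigcup_{i=1}^{n} E_i, \delta)$. Therefore,
$A_S \cong P_{\bigcup_{i=1}^{n} E_i}(A_S) \prec P_1(A_S) \| P_{\bigcup_{i=2}^{n} E_i}(A_S) \prec P_1(A_S) \| P_2(A_S) \| P_{\bigcup_{i=3}^{n} E_i}(A_S) \prec \cdots \prec \|_{i=1}^{n} P_i(A_S)$.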

Appendix C 
Proof for Lemma 2

Sufficiency: Consider the deterministic automaton As = {Q, qo, E, 5). The set of transitions in 

n 

II PiiAs) = {Z,zo,E,Sn) is defined as T = {zq := (xg, ■ ■ ■ ,Xo) z := {xi, ■■■ ,Xn) E 



Z :— YlQi}' where, {xl,-- - ,Xq) — > {xi,--- ,Xn) in || Pi{As) is the interleaving of 

i=l i=l 

Strings Xq Xi in Pi{As), i = 1, ■ ■ ■ ,n (projections of qo S{qo, Si) in As. Let L (As) C 
L{As) denote the largest subset of L{As) such that Vs G L{As)3s' e L{As), 3Ei,Ej e 
{El, En} , i 7^ j^PEiCiEj (s) and PEiCiEj (•§') start with the same event. Then, T can be divided 
into three sets of transitions corresponding to a division of {Fi, on the set of interleaving 



strings r = { I pi{si)\si e E*,qo S{qo,Si)}, where, Ti = { | pi{si) e r|si,-- - ,s. 

i=l 1=1 



n 



L{As), Si = ■■■ = Sn}, T2 = { \ Pi{Si) e r|si, ■■■ ,Sn i L{As) ,^Si, Sj e {Si, • • • , Sn}, Si ^ 

i=l 



Sj,}, — { \ Pi{si) e r|sj e L{As)}. Moreover, since As is deterministic, || Pi{As) -< As 

i=l i=l 
n n 

is reduced to 5{qo, \ Pi{s)y. in As for transitions in F. || Pi{As) -< As. 

i=l i=l 

Thus, defining a relation $R$ as $(z_0, q_0) \in R$, $R := \{(z, q) \in Z \times Q \mid \exists t \in E^*, z \in \delta_{\|}(z_0, t)\}$, the
aim is to show that $R$ is a simulation relation from $\|_{i=1}^{n} P_i(A_S)$ to $A_S$.

For the interleavings in Fi, \/z, zi e Z, e e E, zi e S\\{z, e): 3q, qi e Q, 5{q, e) = qi such that 
yz[j] e {-^[1], • • • , z[n]} (the j — th component of z), 31 e loc{e), z[j] — [q\i. Similarly, Ve' e E, 

Z2 e Z, Z2 e S\\{zi,e'y. 3q2 G Q, S{qi,e') = ga- Now, if $Ei e {E^,--- ,E„}, {e, e'} e Ei, 
then the definition of parallel composition will furthermore induce that 32:3 E Z, Z3 G 5\\{z,e'), 
Z2 £ ^11(^3, e). This, together with DCl and DC2 implies that 3q^,qi e Q, 6{q,e') = q^, 
KQ3:^) — Qi and that e E*, 5\\{z2,t)\: 5{q2,t)\ and 5{q4,t)\. Therefore, any path automaton 



in II Pi(As) is simulated by As, and hence, 5{qo, \ Pi{s))\ in As, Vs e -^(^5). 

i=i i=i 

For the interleavings in F2, from the definition of F2, it follows that for any set of Si, 5{qo, Si)\, 
i e {1, • ■ ■ ) two cases are possible for F2: 

Case 1: Vs, s' e {si, ■■■ , s„}, WEi, Ej e {Ei, ■■■ , E^}: Pe.hEj {s) = e and pe.he, = £■ In 
this case, projections of such strings Si can be written as Pi{si) = e\, - ■ ■ , ej„ , i = 1, ■ ■ ■ ,n. The 

n nii 

interleaving of these projected strings leads to a grid of states and transitions in J| J| x* . as 

i=l ji=0 



x%,...,xl)^{y]\,---,yi:),withy]^^{ ' " = 0, 1, • • • , m,, 

ji ' 



a^jli) if i = ifc,j =ii + l 
a;**' , otherwise 

i — 1, • • • , n, ik = 1, • ■ ■ ) ^ = 1) ■ ■ ■ ) ^- This grid of transitions is simulated by counterpart 

transitions in As, as Vs, s' G {si, ■ ■■ , Sn}, for any two successive/adjacent events and e*'/, 
both orders exist in As, due to DCl and and hence, 5{qj^^i^,e^) = qj^^i^,, ji = 0,1, ■■ ■ , rrii, 

i — 1, - ■ ■ ,n, ik — 1, - ■ ■ ,n, k = 1, - ■ ■ ,n. Therefore, for any choice of Si corresponding to F2, 



S{qo, I Pi{si))\ in As. 

i=l 

Case 2: 3s, s' G {si,--- 3^^,^^ G {^i,--- ,En}: PE,nE,{s) ^ e ox pE,nE,{s') ^ e, 
but they do not start with the same event. Any such s and s' can be written as s = tiat2 
and s' = t[bt'^, where ti = d ■ ■ ■ e„, t[ = e[- ■ ■ e'^, ^ {E, n Ejy,\fi, j e {1, ■ ■ ■ ,n},i ^ j, 
3i,j G {1, ■ ■ ■ , n}, i ^ j, a,b E EiCiEj, t2, t'2 G E* . Therefore, due to synchronization constraint, 
the interleaving of strings will not evolve from a and h onwards, and hence, = 
Pi{ti)\pj{t'i) and pi{s')\pj{s) = and Case 2 is reduced to Case 1, leading to 

n 

^(^0, I Pi{si))\ in As. 

Furthermore, due to DC?), for any two distinct strings s, s' G L{As) (i.e., two strings starting 
from state q in As that 3Ei,Ej G {^i, i 7^ j, PE,nE,is),pE,nE,is') start with the same 
event a e Ei f] Ej) we have || Pi (A) -< As{q) (where A := • ^ • and As{q) 

denotes an automaton that is obtained from As, starting from q). This is particularly true for 
q = qo. Therefore, DCS implies that for the pair of strings s, s' (over the transitions in T3), and 

n 

corresponding automaton A, L( || Pi (A)) C L{As), that from the definition of synchronized 

j=i 

product means that fl p^ ({s, s'}) C L{As). For any pair of s', s" G L{As) also DCS similarly 

i=l 

rt _-, — — n -. — — 

results in fl p,^ ({s', s"}) C L{As), that collectively results in fl ({s, s', s"}) C L{As), due 

i=l i=l 

to the following lemma: 

Lemma 6: [34] For any two languages $L_1, L_2$ defined over an event set $E$ and a natural
projection $p_i : E^* \to E_i^*$, for $E_i \subseteq E$: $p_i(L_1 \cup L_2) = p_i(L_1) \cup p_i(L_2)$ and
$p_i^{-1}(L_1 \cup L_2) = p_i^{-1}(L_1) \cup p_i^{-1}(L_2)$.

This, inductively means that for {si ■ ■ ■ , Sm} C L{As): fl p^ {{si}'^^) C ^(^5'), i.e., (5(go, | Pi{s 
in As, for transitions in Fs. 

Therefore, DC3 implies that all transitions in $\Gamma$ are simulated by transitions in $A_S$ that because
of the determinism of $A_S$ results in $\|_{i=1}^{n} P_i(A_S) \prec A_S$.

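Necessity: The necessity is proven by contradiction. Assume that $\|_{i=1}^{n} P_i(A_S) \prec A_S$, but DC1,
DC2 or DC3 is not satisfied.

If DC1 is violated, then $\exists e_1, e_2 \in E$, $q \in Q$, $\nexists E_i \in \{E_1, \ldots, E_n\}$, $\{e_1, e_2\} \subseteq E_i$,
$[\delta(q, e_1)! \wedge \delta(q, e_2)!] \wedge \neg[\delta(q, e_1 e_2)! \wedge \delta(q, e_2 e_1)!]$. However, $\delta(q, e_1)! \wedge \delta(q, e_2)!$, from
the definition of natural projection, implies that $\delta_i([q]_i, e_1)! \wedge \delta_j([q]_j, e_2)!$, in $P_i(A_S)$ and
$P_j(A_S)$, respectively, $\forall i \in loc(e_1)$, $j \in loc(e_2)$. This in turn, from definition of parallel
composition leads to $\delta_{\|}(([q]_1, \ldots, [q]_n), e_1)! \wedge \delta_{\|}(([q]_1, \ldots, [q]_n), e_2)!$ and
$\delta_{\|}(([q]_1, \ldots, [q]_n), e_1 e_2)! \wedge \delta_{\|}(([q]_1, \ldots, [q]_n), e_2 e_1)!$. This means
that $\delta_{\|}(([q]_1, \ldots, [q]_n), e_1 e_2)! \wedge \delta_{\|}(([q]_1, \ldots, [q]_n), e_2 e_1)!$ in $\|_{i=1}^{n} P_i(A_S)$, but
$\neg[\delta(q, e_1 e_2)! \wedge \delta(q, e_2 e_1)!]$ in $A_S$, i.e., $\|_{i=1}^{n} P_i(A_S) \not\prec A_S$ which contradicts with the
hypothesis.

If DC2 is not satisfied, then $\exists e_1, e_2 \in E$, $q \in Q$, $\nexists E_i \in \{E_1, \ldots, E_n\}$, $\{e_1, e_2\} \subseteq E_i$,
$s \in E^*$, $\neg[\delta(q, e_1 e_2 s)! \Leftrightarrow \delta(q, e_2 e_1 s)!]$, i.e.,
$[\delta(q, e_1 e_2 s)! \vee \delta(q, e_2 e_1 s)!] \wedge \neg[\delta(q, e_1 e_2 s)! \wedge \delta(q, e_2 e_1 s)!]$.
The expression $[\delta(q, e_1 e_2 s)! \vee \delta(q, e_2 e_1 s)!]$ from definition of natural projection and
Lemma 1, respectively implies that $\delta_{\|}(([q]_1, \ldots, [q]_n), e_1 e_2)! \wedge \delta_{\|}(([q]_1, \ldots, [q]_n), e_2 e_1)!$ and
$\delta_{\|}(([q]_1, \ldots, [q]_n), e_1 e_2 s)! \wedge \delta_{\|}(([q]_1, \ldots, [q]_n), e_2 e_1 s)!$ in $\|_{i=1}^{n} P_i(A_S)$. This in turn leads to
$\delta_{\|}(([q]_1, \ldots, [q]_n), e_1 e_2 s)! \wedge \delta_{\|}(([q]_1, \ldots, [q]_n), e_2 e_1 s)!$ in $\|_{i=1}^{n} P_i(A_S)$, but
$\neg[\delta(q, e_1 e_2 s)! \wedge \delta(q, e_2 e_1 s)!]$ in $A_S$, that contradicts with $\|_{i=1}^{n} P_i(A_S) \prec A_S$.

The violation of DC3 also leads to contradiction as $\delta(q_0, s_i)!$, $i = 1, \ldots, n$, results in
$\delta_{\|}(([q_0]_1, \ldots, [q_0]_n), |_{i=1}^{n} p_i(s_i))!$ in $\|_{i=1}^{n} P_i(A_S)$, whereas $\neg\delta(q_0, |_{i=1}^{n} p_i(s_i))!$ in $A_S$.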

Appendix D 
Proof for Lemma 3

Sufficiency: The following two lemmas are used in the proof of Lemma 3.

Lemma 7: (Lemma 9 in [1]) Consider two automata $A_1$ and $A_2$, and let $A_1$ be deterministic,
$A_1 \prec A_2$ with the simulation relation $R_1$ and $A_2 \prec A_1$ with the simulation relation $R_2$. Then,
$R_1^{-1} = R_2$ if and only if there exists a deterministic automaton $A'_1$ such that $A'_1 \cong A_2$.

Next, let $A_1$ and $A_2$ be substituted by $A_S$ and $\|_{i=1}^{n} P_i(A_S)$, respectively, in Lemma 7. Then, the
existence of $A'_1 \cong A_2$ in Lemma 7 is characterized by the following lemma.

Lemma 8: Consider a deterministic automaton $A_S$ and its natural projections $P_i(A_S)$,
$i = 1, \ldots, n$. Then, there exists a deterministic automaton $A'_S$ such that $A'_S \cong \|_{i=1}^{n} P_i(A_S)$ if and only
if there exist deterministic automata $P'_i(A_S)$ such that $P'_i(A_S) \cong P_i(A_S)$, $i = 1, \ldots, n$.

Proof: Let $A_S = (Q, q_0, E = \bigcup_{i=1}^{n} E_i, \delta)$, $P_i(A_S) = (Q_i, q_0^i, E_i, \delta_i)$, $P'_i(A_S) = (Q'_i, q_0'^i, E_i, \delta'_i)$,
$i = 1, \ldots, n$, $\|_{i=1}^{n} P_i(A_S) = (Z, z_0, E, \delta_{\|})$, $\|_{i=1}^{n} P'_i(A_S) = (Z', z'_0, E, \delta'_{\|})$. Then, the proof of Lemma
8 is presented as follows.

Sufficiency: The existence of deterministic automata $P'_i(A_S)$ such that $P'_i(A_S) \cong P_i(A_S)$,
$i = 1, \ldots, n$ implies that $\delta'_i$, $i = 1, \ldots, n$ are functions, and consequently from definition
of parallel composition (Definition 8), $\delta'_{\|}$ is a function, and hence $\|_{i=1}^{n} P'_i(A_S)$ is deterministic.
Moreover, from Lemma 5, $P'_i(A_S) \cong P_i(A_S)$, $i = 1, \ldots, n$ lead to $\|_{i=1}^{n} P'_i(A_S) \cong \|_{i=1}^{n} P_i(A_S)$,
meaning that there exists a deterministic automaton $A'_S := \|_{i=1}^{n} P'_i(A_S)$ such that $A'_S \cong \|_{i=1}^{n} P_i(A_S)$.

Necessity: The necessity is proven by contraposition, namely, by showing that if there does
not exist deterministic automata $P'_i(A_S)$ such that $P'_i(A_S) \cong P_i(A_S)$, for $i = 1, 2, \ldots$, or $n$,
then there does not exist a deterministic automaton $A'_S$ such that $A'_S \cong \|_{i=1}^{n} P_i(A_S)$.

Without loss of generality, assume that there does not exist a deterministic automaton $P'_1(A_S)$
such that $P'_1(A_S) \cong P_1(A_S)$. This means that $\exists q, q_1, q_2 \in Q$, $e \in E_1$, $t_1, t_2 \in (E \setminus E_1)^*$, $t \in E^*$,
$\delta(q, t_1 e) = q_1$, $\delta(q, t_2 e) = q_2$, $\neg[\delta(q_1, t)! \Leftrightarrow \delta(q_2, t)!]$, meaning that $\delta(q_1, t)! \wedge \neg\delta(q_2, t)!$ or
$\neg\delta(q_1, t)! \wedge \delta(q_2, t)!$. Again without loss of generality we consider the first case and show that
it leads to a contradiction. The contradiction of the second case is followed, similarly. From
the first case, $\delta(q_1, t)! \wedge \neg\delta(q_2, t)!$, definition of natural projection, definitions of parallel
composition and Lemma 1 it follows that
$([q_1]_1, ([q_1]_2, \ldots, [q_1]_n)) \in \delta_{\|}(([q]_1, ([q]_2, \ldots, [q]_n)), t_1 e)$,
$([q_2]_1, ([q_1]_2, \ldots, [q_1]_n)) \in \delta_{\|}(([q]_1, ([q]_2, \ldots, [q]_n)), t_1 e)$,
$\delta_{\|}(([q_1]_1, ([q_1]_2, \ldots, [q_1]_n)), t)!$, whereas
$\neg\delta_{\|}(([q_2]_1, ([q_1]_2, \ldots, [q_1]_n)), t)!$ in $\|_{i=1}^{n} P_i(A_S)$, implying that there does not exist a deterministic
automaton $A'_S$ such that $A'_S \cong \|_{i=1}^{n} P_i(A_S)$, and the necessity is followed. ■
Now, Lemma 3 is proven as follows.

Sufficiency: DC4 implies that there exist deterministic automata $P'_i(A_S)$ such that
$P'_i(A_S) \cong P_i(A_S)$, $i = 1, \ldots, n$. Then, from Lemmas 5 and 8 it follows, respectively, that
$\|_{i=1}^{n} P'_i(A_S) \cong \|_{i=1}^{n} P_i(A_S)$, and that there exists a deterministic automaton
$A'_S := \|_{i=1}^{n} P'_i(A_S)$ such that $A'_S \cong \|_{i=1}^{n} P_i(A_S)$ that due to Lemma 7, it results in $R_1^{-1} = R_2$.

Necessity: Let $A_S$ be deterministic, $A_S \prec \|_{i=1}^{n} P_i(A_S)$ with the simulation relation $R_1$ and
$\|_{i=1}^{n} P_i(A_S) \prec A_S$ with the simulation relation $R_2$, and assume by contradiction that $R_1^{-1} = R_2$,
but DC4 is not satisfied. Violation of DC4 implies that for $\exists i \in \{1, \ldots, n\}$, there does not
exist a deterministic automaton $P'_i(A_S)$ such that $P'_i(A_S) \cong P_i(A_S)$. Therefore, due to Lemma
8, there does not exist a deterministic automaton $A'_S$ such that $A'_S \cong \|_{i=1}^{n} P_i(A_S)$, and hence,
according to Lemma 7, it leads to $R_1^{-1} \neq R_2$ which is a contradiction.